
At 5:26 PM -0500 10/9/96, Kevin L Prigge wrote:
Timothy C. May said:
Something ISPs could do--and may do if there is sufficient customer pressure--is to adopt a policy of "forward secrecy" (to slightly abuse this technical term). That is, to have an explicit policy--implemented in the software--of _really_ deleting the back messages once a customer downloads them to his site. This means that _backups_ must be done in a careful manner, such that even the backup tapes or disks are affected by a removal.
Interesting thought, but it fails when it gets to my scale. It would be trivial to exclude a file or set of files from normal backup, but it would be problematic to exclude files from filesystem dumps, etc. The scale I deal with (40,000 users, 12gb of /home directory files and about the same in the mail spool) would make it almost impossible to provide this service with accuracy to my users.
Were I implementing this on my present system, with three hard disks (.5, 1.0, and 2.9 GB), I would just move the mail spool for the "no backups" customers to one of the disks and then just not back it up. I realize this could be a headache for ISPs, but the principle seems easy enough to realize: move the mail files to a place that is not backed up. (By the way, the backup utility I have is very easy to configure to back up some files, not others, on all kinds of varying schedules. I would've thought "tar" and other such vaunted Unix tools are at least as configurable.)

Again, I think the most straightforward approach is to offer two kinds of service: backups and no backups. And the "no backup" customers know that no backups are kept.

(BTW, it's also possible the ISP could offer a "crash recovery" buffer of, say, a few days or a few weeks, to cover crashes of its own system. The crash recovery disk would, ideally, be overwritten, with no permanent copy of it ever made.)

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02]

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
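The two mechanisms in the message above (a "no backups" spool kept outside the backup set, and a short crash-recovery buffer that is overwritten in place) sketched as a small POSIX shell script. This is an added example written for this page, not code from the thread or from any ISP's system; the directory layout, the three-slot ring, and the sample mailboxes are all constructed for the demo.

```shell
#!/bin/sh
# Added example (not part of the original thread): a "no backups" mail spool
# kept outside the backup set, plus a crash-recovery ring buffer that is
# overwritten in place. All paths and sample data are constructed for the demo.

set -eu

DEMO="${DEMO:-$(mktemp -d)}"
HOME_TREE="$DEMO/home"                 # normal customers: in the backup set
NOBACKUP_SPOOL="$DEMO/spool-nobackup"  # "no backups" customers: never on tape
CRASH_BUF="$DEMO/crashbuf"             # ring buffer, SLOTS slots, overwritten
SLOTS=3

# Constructed sample mailboxes standing in for real customer mail.
seed_demo() {
    mkdir -p "$HOME_TREE/alice" "$NOBACKUP_SPOOL/bob" "$CRASH_BUF"
    printf 'From alice: hello\n' > "$HOME_TREE/alice/mbox"
    printf 'From bob: private\n' > "$NOBACKUP_SPOOL/bob/mbox"
}

# Policy: the backup set is an explicit list of roots ("home" only). The
# no-backup spool lives outside that list, so a routine dump cannot pick it
# up by accident; there is nothing to "exclude" because it was never named.
make_backup() {
    archive="$1"
    tar -cf "$archive" -C "$DEMO" home
}

# Check: succeeds (exit 0) only if no archive member lies under the no-backup
# spool. Run this after every backup, not just once when the policy is set up.
archive_excludes_spool() {
    archive="$1"
    spool_rel="${NOBACKUP_SPOOL#"$DEMO/"}"
    if tar -tf "$archive" | grep -Eq "^(\./)?$spool_rel"; then
        return 1
    fi
    return 0
}

# Crash-recovery ring: slot = day mod SLOTS. Writing day SLOTS+1 overwrites the
# slot from day 1, so nothing older than SLOTS days survives and no copy is
# ever written anywhere but this one directory.
rotate_crash_buffer() {
    day="$1"
    slot=$((day % SLOTS))
    rm -rf "$CRASH_BUF/slot$slot"
    cp -R "$NOBACKUP_SPOOL" "$CRASH_BUF/slot$slot"
}

# Number of slots currently on disk; never exceeds SLOTS.
crash_slots_present() {
    ls -d "$CRASH_BUF"/slot* 2>/dev/null | wc -l | tr -d ' '
}

run_demo() {
    seed_demo
    make_backup "$DEMO/full.tar"
    archive_excludes_spool "$DEMO/full.tar"
    for d in 1 2 3 4 5; do rotate_crash_buffer "$d"; done
}
```

The check in archive_excludes_spool is the part worth keeping in production: the policy only holds if someone verifies each dump, since a later change to the backup root list (or a filesystem-level dump of the whole disk, as Kevin Prigge points out) silently reintroduces the spool.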